redline

Sharing

Copy URL

Twitter E-mail

General

Target

FieroHack.exe
Size

6.3MB
Sample

240629-3jtz9ssgnq
MD5

b88f61a7938ef8af011259c59efc3d3d
SHA1

ba6f4356993959799fbd88bb350558045c363a85
SHA256

640397d3d855cbb8e3400f7564294bae51d591f7adb0f7856b7acfeb47f4e3d2
SHA512

ba7a3564327f2ec4e0c34710205bdb297b8c4a29f020f973462897d52f4d99fefbb74c1f511195d2ac3bae0e44a8dc749cdf6d043ff5fba9939cdd73c59e7d40
SSDEEP

98304:0rLVoBkwXnc+AdMIm8r3ctMmKCOQhMCTgeZ1lcvd6:uhIkwt+x31/CICj1lg6

Score

10^/10

Malware Config

Targets

- Target
  
  FieroHack.exe
- Size
  
  6.3MB
- MD5
  
  b88f61a7938ef8af011259c59efc3d3d
- SHA1
  
  ba6f4356993959799fbd88bb350558045c363a85
- SHA256
  
  640397d3d855cbb8e3400f7564294bae51d591f7adb0f7856b7acfeb47f4e3d2
- SHA512
  
  ba7a3564327f2ec4e0c34710205bdb297b8c4a29f020f973462897d52f4d99fefbb74c1f511195d2ac3bae0e44a8dc749cdf6d043ff5fba9939cdd73c59e7d40
- SSDEEP
  
  98304:0rLVoBkwXnc+AdMIm8r3ctMmKCOQhMCTgeZ1lcvd6:uhIkwt+x31/CICj1lg6
Score

10^/10

redline infostealer xmrig evasion execution miner persistence upx
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  #/Sirus.exe
- Size
  
  765.5MB
- MD5
  
  35161c329ace0d7440101eebbe9bf7a4
- SHA1
  
  fc9fd0634576444aab7411676c475df7071184b7
- SHA256
  
  6f82cf4d0ca6b745eb5a1d61fce06ce00b3da623e39ae4fe38a1bdc19a5493e8
- SHA512
  
  6988472683b72adf79f4b8a72a3b0e87b9122e3d8ab9bfda653655eea7af462850faefa4ae2f99189f0cb689f84920f7d8c400a97de0aa84ff617f5385a4e8ed
- SSDEEP
  
  3072:dpOAaAMUlp+iBv+PRcbj4nE3b9GLAUwESDqmDUZeV+BNDyNuCs5ORl9zeR8nOvUX:5MO5+Q3bokUT0qmDIe4rDyLs0x/B
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

RedLine payload

xmrig

XMRig Miner payload

Command and Scripting Interpreter: PowerShell

Creates new service(s)

Stops running service(s)

Executes dropped EXE

Loads dropped DLL

UPX packed file

Power Settings

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4